In the related art, Near Field Communication (NFC) is a short-range wireless communication technique operating at 13.56 MHz. It evolved from the fusion of Radio Frequency Identification (RFID) and interconnection techniques. Once integrated with NFC, a mobile communication terminal such as a mobile phone can simulate a non-contact Integrated Circuit (IC) card for applications related to electronic payment. Implementing such a solution on the mobile communication terminal requires adding an NFC analog front-end chip and an NFC antenna to the terminal, and using a smart card that supports electronic payment.
After more than ten years of development, the IC card, particularly the non-contact IC card, has been widely applied in fields such as public transport, access control, and small electronic payments. In addition, after more than 20 years of rapid development, the mobile phone is used extensively and has brought significant convenience to people's work and life. Therefore, applying the mobile phone to electronic payment by combining it with the non-contact IC card technique may further extend the usage range of the mobile phone and bring convenience to people's life, and so has a wide application prospect.
In the related art, in order to implement mobile electronic payment based on the NFC technique, it is required to establish a mobile terminal electronic payment system and to manage mobile terminal electronic payment through that system. Specifically, the functions of the mobile terminal electronic payment system include: issuing a smart card; downloading, installing and personalizing an electronic payment application; and adopting related techniques and management policies to secure the electronic payment.
Security domains are the on-card representation of entities external to the card (including a card issuer and an application provider). They contain the cryptographic keys used to support the operation of a security channel protocol and the management of card contents. If the electronic payment system supports GlobalPlatform Card Specification V2.1.1, the security channel protocol supports Secure Channel Protocol ‘02’ (based on a symmetric key). If the electronic payment system supports GlobalPlatform Card Specification V2.2, the security channel protocol supports Secure Channel Protocol ‘10’ (based on an asymmetric key). A security domain is responsible for its own cryptographic key management, which ensures that applications and data from different application providers can co-exist on the same card. When the key of a security domain adopts an asymmetric key mechanism, the certificate and key material of the security domain must include a public key (also called a public cryptographic key) and a private key (also called a private cryptographic key) of the security domain, a certificate of the security domain, and a trust point's public key used for authenticating the certificate of an entity external to the card.
The security domain of an application provider on a smart card is a supplementary security domain. Before the electronic payment application of the application provider is downloaded and installed to the smart card, it is required to create a supplementary security domain of the application provider on the smart card through the issuer security domain of the smart card, which is owned by the card issuer, and then to set a cryptographic key of the supplementary security domain.
The cryptographic key of the security domain is confidential data, and it is required to employ a reliable and secure method and technique to import a relevant cryptographic key and certificate into the supplementary security domain, so as to implement secure distribution of the cryptographic key of the supplementary security domain. Specifically, the creation of the supplementary security domain requires a card issuer management platform to instruct creation of an issuer security domain on the smart card, and after the creation of the supplementary security domain is completed, the card issuer management platform needs to be responsible for setting and distributing an initial cryptographic key of the supplementary security domain.
When the supplementary security domain is created and the cryptographic key is distributed, the method adopted is as follows: the smart card establishes communication with the card issuer management platform, and an application provider management platform establishes communication with the card issuer management platform; the card issuer management platform instructs the issuer security domain of the smart card to establish the supplementary security domain, and a public/private key pair of the supplementary security domain is generated in the card by the supplementary security domain and is sent to the card issuer management platform; then, the card issuer management platform sends the cryptographic key generated by the supplementary security domain to the application provider management platform; the application provider management platform issues a certificate of the supplementary security domain according to the public key of the supplementary security domain, and then imports the certificate of the supplementary security domain and the trust point's public key into the supplementary security domain through the card issuer management platform, thus completing the distribution of the key of the supplementary security domain.
In this procedure, however, the card issuer management platform, which is responsible for transferring the data, can obtain the cryptographic key data of the security domain that is sent through it, and it may use the obtained key to perform operations on the supplementary security domain, which threatens the security of the application provider's electronic payment application.
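The exposure described above can be checked mechanically by writing the related-art procedure down as a message flow and asking what each relaying party can read. The following is an added illustration, not part of the original text: the Message model, the item labels and the end_to_end flag (a hypothetical property in which a payload is readable only by its destination) are assumptions of this example.

```python
from dataclasses import dataclass, replace

# Party names follow the text; the identifiers are this example's own.
SSD = "supplementary security domain"
ISD = "issuer security domain"
CARD_ISSUER = "card issuer management platform"
APP_PROVIDER = "application provider management platform"


@dataclass(frozen=True)
class Message:
    origin: str
    destination: str
    relays: tuple             # parties that forward the message
    items: frozenset          # key material carried in the payload
    end_to_end: bool = False  # hypothetical: only the destination can read it


# The related-art procedure, one entry per transfer named in the text.
RELATED_ART_FLOW = (
    Message(CARD_ISSUER, ISD, (), frozenset()),  # instruct creation of the SSD
    Message(SSD, APP_PROVIDER, (CARD_ISSUER,),
            frozenset({"key generated by SSD"})),
    Message(APP_PROVIDER, SSD, (CARD_ISSUER,),
            frozenset({"SSD certificate", "trust point public key"})),
)


def relay_exposure(flow):
    """Map each relaying party to the key material it can read in transit."""
    seen = {}
    for msg in flow:
        for party in msg.relays:
            bucket = seen.setdefault(party, set())
            if not msg.end_to_end:
                bucket.update(msg.items)
    return {party: sorted(items) for party, items in seen.items()}


def with_end_to_end_protection(flow):
    """Same routing, but each key-carrying payload is sealed for its destination."""
    return tuple(replace(m, end_to_end=bool(m.items)) for m in flow)


if __name__ == "__main__":
    print(relay_exposure(RELATED_ART_FLOW))
    print(relay_exposure(with_end_to_end_protection(RELATED_ART_FLOW)))
```

In the related-art flow the card issuer management platform reads every item of supplementary security domain key material that is distributed; a secure distribution has to bring that set to empty while keeping the same routing.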
Therefore, there is an urgent need for a technical solution to the problem that the distribution of the key of a supplementary security domain is not secure.